Security Installer Community

Hello From A Security Researcher


cybergibbons


Posted

1. Replay attacks have not been possible against most car keyless entry systems for 10+ years. The methods to prevent against this are widely documented, but aren't mandated in the standards and aren't used in all systems. This is a software function.

How do you think the development budget of say an automotive brand like Citroen & an equipment supplier like Valeo, Bosch or Delphi compare to Alarm panel manufacturers ?

This is getting a bit touchy. CG is right that what we are fitting are inadequate when it comes to vulnerability.

Price point, walk out of ADI with a grand's worth of radio kit & it will easily fit into the boot of the old BMW which somebody paid 30k & they never resolved OBII port issue ?

Mr Veritas God

Posted

This is getting a bit touchy. CG is right that what we are fitting are inadequate when it comes to vulnerability. Data information security far exceeds that of alarms and it could be perceived as being blasé not to have considered them but they are not deemed as common attack types for the industry. I would be pleased to hear of the preventative measures you could recommend/suggest especially to existing systems already installed.

It's awkward for existing alarms. Most of them don't allow the microcontrollers in the detectors to be upgraded, so you are stuck with what you have.

A jamming detector that was better than most of the stock jamming detection could be added as a wired detector.

How do you think the development budget of say an automotive brand like Citroen & an equipment supplier like Valeo, Bosch or Delphi compare to Alarm panel manufacturers ?

Price point, walk out of ADI with a grand's worth of radio kit & it will easily fit into the boot of the old BMW which somebody paid 30k & they never resolved OBII port issue ?

I don't know how their budgets compare. If that were the cause, it would be absolutely clear that profit and not security were the main driver of the manufacturers.

More to the point, the keyless entry systems mostly use a readily available chipset that costs a few dollars per piece. It doesn't require development from scratch.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

Posted

I don't know how their budgets compare. If that were the cause, it would be absolutely clear that profit and not security were the main driver of the manufacturers.

 

They are a commercial company? Profit is the driver.

In fairness the industry demanded cheap kit, all the manufacturers have done is give us what we wanted.

As an approved company, we have to install kit that is graded. I have no choice. Even if they are full of security issues there isn't a thing I can do about it.

www.securitywarehouse.co.uk/catalog/

Posted

This is getting a bit touchy. CG is right that what we are fitting are inadequate when it comes to vulnerability. Data information security far exceeds that of alarms and it could be perceived as being blasé not to have considered them but they are not deemed as common attack types for the industry. I would be pleased to hear of the preventative measures you could recommend/suggest especially to existing systems already installed.

Not really. I'd be interested to know your background to understand your viewpoint. CG is making out this wireless issue is the be all and end all of wireless systems. Again I've stated that this attack doesn't fit the grade and while it may be an issue with the kit which the manufacturers should look into and try to rectify it's still not helping everyone.

You are trying to tell people their alarms don't work and aren't fit for purpose when they actually are and cope well with the attacks they are designed for. Comments like the above in a public thread are downright shameful and I'm starting to get annoyed at this thread.

Once again CG, the work you're doing is great, no one will say it isn't. Claiming the systems are therefore redundant and no one cares is just hogwash. Your research would probably help the next generation of kit. You could earn yourself some serious r&d funding or even a job out of the work you're doing but you're going about it in all the wrong ways.

Posted

CG is making out this wireless issue is the be all and end all of wireless systems.

Once again CG, the work you're doing is great, no one will say it isn't. Claiming the systems are therefore redundant and no one cares is just hogwash. Your research would probably help the next generation of kit. You could earn yourself some serious r&d funding or even a job out of the work you're doing but you're going about it in all the wrong ways.

I'm not making out this is the be all and end all. I'm saying there are problems, and manufacturers will not take any notice at all. My main issues are around the standards and lack of disclosure - I see absolutely no reason why these can't happen in grade 3 and grade 4 alarms. There isn't any process of disclosure or even reporting vulnerabilities.

People are saying it's a bad idea - look at Adrian's response - "If you have managed to reverse engineer our protocol i would be glad to see you in court" - this isn't the first time this has happened. Why the aggressive stance on this? It meets the spec, what issue is there in reverse engineering it?

They are a commercial company? Profit is the driver.

In fairness the industry demanded cheap kit, all the manufacturers have done is give us what we wanted.

As an approved company, we have to install kit that is graded. I have no choice. Even if they are full of security issues there isn't a thing I can do about it.

Ok, so your sentiment is things are the way they are, and you can't see a way of it changing, so we might as well just let it go?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

Posted

I can only work with the tools that I am provided with and I don't have an R&D team or the commercial justification to design our own panel so I have to accept what the rules are and what is available to me to comply with those rules. If there was only a Fiat Punto available as a car, and it was the only option over walking then I'd use the Punto despite the fact that it's not the best car in the world. If there was a Punto and a Focus available I'd probably choose the Focus. If it was a choice between the Punto, Focus and a Porsche then although the Porsche would be much better, it would be more than I want to pay so I'd make do with the Focus.

 

The kit we use is the same issue. There are cheap nasty detectors and very good ones. Through choice we use the Aritech ones that are at the Porsche end of the market but most of our end users want cheap cheap cheap. If end users were so concerned about ultimate quality, Waitrose would be the largest supermarket chain, but they are not, they sell to a niche market that want the quality. The mass market wants cheap and it will do.

 

One of the hardest things I personally find is we offer the customer the Punto, Focus and Porsche. 7/10 they choose the Punto and ignore our professional advice. I don't doubt you have found a ton of issues with the kit you tested, we find many in service issues with different manufacturers' kit but as you have discovered, rarely do they care. Adrian is one of the very few that I have every confidence (although we don't use their kit) that if there was a serious problem with their product, Adrian and his team are 1st class and would address it. Most of his competitors would not.

 

I can understand Adrian's frostiness. R&Ding a product and developing something from scratch takes a lot of blood, sweat and tears and contains many items that are private and protected by copyright. If some bloke on the interweb tried to reverse engineer software we had spent hundreds of thousands to develop then I'd be upset. You may be trying to reverse engineer it from an interest point of view, but equally you might want to reverse engineer it to use non Texecom kit on their panels which would upset them and rightly so.

 

I have many other issues where I feel we don't do the right thing by the customer because of a standard that I have to comply to. Issues with these rules concern me more than the encryption key length on an alarm system.

 

In an ideal world we want to provide the best of everything, but our customer doesn't want the best. Most of the time he wants something that will do and the kit currently available fits that need.

www.securitywarehouse.co.uk/catalog/

Posted

CG, do you have a vested interest in this as you come across a little bitter?

Nothing is foolproof to a sufficiently talented fool.


Posted

CG, do you have a vested interest in this as you come across a little bitter?

Sorry, can you point out which bit where I seem bitter? What kind of vested interest could I have?

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

Posted

There are some routes for disclosure thankfully and in most cases this would be direct with the manufacturer and in the spirit of responsible disclosure this can usually be agreed.

 

There are a number of wider industry points of contact so that any irresponsible manufacturers (anyone ignoring repeated warnings) can still have vulnerabilities brought ethically to the attention of the market.

 

I know that there are some misunderstandings happening here at the minute about CyberGibbons' motivation. He is not trying to sell anything and his blog helps explain some of his aims and findings.

 

CG, I would also ask you to consider perspective for Adrian specifically.  Your first posts attacked alarm panel manufacturers and standards contributors which means Adrian was in the firing line on both counts.  I know it wasn't your intention, but I kind of understand why Adrian would react in a defensive manner initially as I know he fights hard to get progressive and effective changes into a standard when it is difficult with the various agendas at hand.  There are all kind of politics involved.

 

You will find much support and interest here CG - Help us to help you to foster it and work closely (read directly) with the manufacturers to improve what is in reality a sub-optimal situation at the moment.



CG, do you have a vested interest in this as you come across a little bitter?

 

lol Norm - CG there are a lot of personalities on this board, don't take everything at face value as what can seem vitriol is 99% of the time just banter and windups



 

Posted

Sorry, can you point out which bit where I seem bitter? What kind of vested interest could I have?

You seem a little angry that certain manufacturers in the security industry make rubbish products, as if you have been affected by this personally?

www.securitywarehouse.co.uk/catalog/

Archived

This topic is now archived and is closed to further replies.
